Let's doubt it. I am using a blog as an example. I have the Administrator. It makes a full CRUD inside the system. In addition to it I have the Editor and Reviewer. The Editor creates blog posts, but does not publish. And the Reviewer, sees and suggests editing in the post created by the Editor. The Administrator does anything. Creates post, from permission to Editor and Reviewer. Delete, block Users. The editor creates and updates post. And the Reviewer only suggests changes in the post. It is a user access level system. There are several tutorials on the use of passport, but none that help in this doubt.
I'm using this database: passport-mongo